*Please note that there are affiliate links in this blog post and I may earn a commission if you click them and make a purchase (at no cost to you).
So you’ve spent ages building your beautiful website, you're starting to attract some decent traffic and then BANG! Your visitors start getting messages like this:
Your webhost may take your site down, and Google will either block your site or warn potential visitors that it has been hacked. Even worse, you may not realise, and your clients' details may become compromised.
Nobody wants this, but it does happen. Regularly.
Fortunately, there are some steps you can take to minimise the likelihood of this happening, and some steps you can take to make sure that if it does, you firstly know about it and secondly have a decent backup plan.
Protect your computer - Antivirus Software is not optional!
The first thing you need to do to protect your business is make sure you have robust antivirus software installed on any device (laptop, tablet, etc.) that you use to run your business. If you are spending a lot of time online, then you are inevitably more likely to expose your computer to potential attacks. These can come via email, or whilst you are browsing the web. Whatever their source, dealing with an infected computer is no fun.
Whilst there is no software that can claim to be 100% effective, there are some highly recommended, free or pretty low cost options out there. Some will cover multiple devices such as laptops, phones and tablets under one licence. As an online business owner you cannot afford to have down time. Even worse, imagine sending out an infected email to your clients!
This is a no brainer. Check out some reviews and invest now.
I recommend reading this Independent Antivirus Review.
Back up your files
If your computer is compromised, one of the most popular tactics is for a hacker to use ransomware to block your access to your own files until you pay a ransom. Not nice.
To avoid having to pay a ransom, make sure your files are backed up on a regular basis. This could be on an external hard drive that you regularly back up to and then disconnect from your computer. These are generally not too expensive and can have huge capacities.
Another alternative is to use a cloud-based service such as Google Drive. Many of these are free for smaller amounts of data - read The Best Cloud Storage Services for Backup. If you are constantly travelling, this service can be especially useful as you don't want to be carrying a hard drive everywhere with you.
Neither of these methods is fail-safe, but this is good practice, can save your business and also helps if your computer is stolen, lost or damaged.
Keeping your site secure
So now your computer is sorted, let's consider what you can do to keep your website well protected.
In terms of site security there are some very clear differences between WordPress sites and those hosted on fully integrated packages such as Squarespace. If you run your site in Squarespace or similar then the majority of the responsibility for site security lies with the provider. They will seek to keep your site glitch free - but have come under attack themselves from hackers in the past.
If you run a WordPress site then the responsibility to keep your site secure is yours. The flexibility of WordPress means that malware can potentially be inserted into the code by hackers. There are a number of things that you should do to ensure your site is better protected:
Use complex passwords (WordPress & Squarespace)
Sounds simple and it is. When logging onto your website to update etc. make sure your password is complex. A random mix of letters and numbers is best. Make sure it is not the same as others you use.
To help you manage all your passwords (without having Post-it notes stuck everywhere!) there is free software out there to help. It lets you keep your passwords all in one place and can automatically fill them in (if you want), so you don’t have to remember them all. Check out LastPass as an example of a handy free tool.
Make sure your website is HTTPS not HTTP
A good way of upping your site security is by ensuring it is HTTPS not HTTP. This is essential if you are dealing with clients' information such as emails, personal information and bank details. HTTP is vulnerable to hackers seeing the information passing through your website. HTTPS makes this much more difficult by encrypting your information.
The good news is that this is pretty simple. Many web hosting services offer this for free - check with yours. If you want to do it yourself you will need to get a dedicated IP address from your webhost and an SSL (Secure Sockets Layer) certificate. This guide sets out what you need to do in detail.
Google potentially ranks sites with HTTPS higher than those with HTTP, as they are deemed to be more reliable and higher quality. So there is an SEO bonus for this one!
Keep themes and plugins up to date
It is essential that any WordPress user keeps their themes and any plugins used on their site up to date, to minimise security risks. This is why using well known themes and plugins is good practice as they are more likely to be updated. Usually your WordPress dashboard will tell you when a theme or plugin needs to be updated. Check this regularly yourself or consider using update management software - read this article for further information.
Theme and plugin updates can have unanticipated consequences, so it can be a good idea to create a ‘child theme’ if you plan on modifying the original theme in any way. Read this article from WordPress on why this is important and how to do it.
Keep WordPress up to date
It is also essential to keep WordPress itself up to date. Your WordPress dashboard will tell you when a new release has come out. I would recommend you allow the update, however before you do...
Make sure you have backed up your site before you start making changes, as there can sometimes be unanticipated consequences of an update. You may also want to test the update to see what it does to your site. See how you can back up below.
Back up your website
This one is vital. If your site becomes really damaged by an attack then a secure backup is essential. Although your host may do this periodically (depending on your package), do not rely upon them - as many do not guarantee this service. This useful summary sets out the options available.
Many hosting sites will provide this as a service, with some charging extra.
Whichever option you choose, make sure you do this regularly and at some point it is likely that you will be so grateful that you did!
Install security plugins
There are lots of security plugins available that work to ensure your site is secure. These can have the downside of slowing performance and, like everything, they are not 100% effective, but this is not a reason not to choose and install a good one. This summary sets out 5 of the best!
Here are two that I like the look of!
Wordfence is a very popular plugin and free in its basic form. If you don't want to spend any money then it's pretty handy. It includes a form of firewall, which is a great feature. Check out this in-depth review for further information. Click here to check it out.
Sucuri offer both a free plugin and a paid-for service to ensure that your site is well protected from the outset; however, they do not offer a free firewall. This is included in their paid-for solution, but if you have a high value site then this, and the support they provide if your site is attacked, may well be worth considering. Click here to check it out.
Let somebody else take the strain!
If this all seems a little bewildering (and time consuming) then there is an alternative: Get somebody else to do it for you so you can concentrate on what you do best!
If you want to ensure your site is well protected, optimised and backed up in case the worst should happen then I have a solution - a Webcare Plan.
Reesa Digital Webcare Plan
If you subscribe to my Webcare Plan I will:
Keep your WordPress, themes and plugins all up to date to reduce the likelihood of an attack.
Regularly back up your website.
Reinstate your site if it is ever hacked.
Monitor your site for unwanted access.
Tidy your database and monitor performance, to ensure your site remains fast and responsive.
Provide you with fast & friendly support if the worst happens and your site is attacked.
How about my Advanced Webcare & Marketing Plan?
I really want your business to be a success and information is power! In addition to the services supplied with my standard Webcare Plan I will:
Measure the performance of your site and provide a monthly analysis setting out how your visitors use it plus recommendations on how to improve conversions.
Scan and fix any broken links - these can be so annoying for your visitors and lose you customers.
Provide a monthly 45 minute call with me to discuss your website performance and marketing tactics. Let’s keep your business growing!